Trojan.Win32.Vebzenpak.dcv (file analysis)

The Trojan.Win32.Vebzenpak.dcv is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Win32.Vebzenpak.dcv virus can do?

Executable code extraction
Creates RWX memory
Unconventionial language used in binary resources: Chinese (Traditional)
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine Trojan.Win32.Vebzenpak.dcv?


File Info:
crc32: C880CEC1
md5: 2eac1d716a805fbca396af703b9183c7
name: ds.exe
sha1: 4303c7ffead924f43b899f1370fcbd58f2419fd9
sha256: 42619e1b5496499a896f1fffdc7528cee653f24d48b6f7500afd8a050ba5f567
sha512: c0b0a9584284da25dd5c58165645db9a8cef051d5e9fd18378400b67038c57fda1a9a53b1806cdb736c3491ca5bd387ba2f4cd55cbf98f621d7ed05a705f085e
ssdeep: 768:LqGqpshlzjvv3YEGBAe4Xqk+SUWvcP5IRWS3L:LnDv3Be4XqkiWWIX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0404 0x04b0
InternalName: Standar5
FileVersion: 1.00
CompanyName: NUBBLE
Comments: BROENDSALE
ProductName: tilbundsu
ProductVersion: 1.00
FileDescription: Subdup4
OriginalFilename: Standar5.exe

Trojan.Win32.Vebzenpak.dcv also known as:

DrWeb	Trojan.DownLoader33.3184
MicroWorld-eScan	Trojan.GenericKD.33288502
Qihoo-360	Win32/Trojan.51d
McAfee	Fareit-FRM!2EAC1D716A80
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Vebzenpak.4!c
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKD.33288502
K7GW	Riskware ( 0040eff71 )
BitDefenderTheta	Gen:NN.ZevbaF.34090.dm0@a0gdwveb
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
GData	Trojan.GenericKD.33288502
Kaspersky	Trojan.Win32.Vebzenpak.dcv
Alibaba	Trojan:Win32/vbcrypt.ali2000008
Ad-Aware	Trojan.GenericKD.33288502
Sophos	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.BadFile.qt
Trapmine	malicious.moderate.ml.score
Emsisoft	Trojan.GenericKD.33288502 (B)
SentinelOne	DFI – Suspicious PE
Arcabit	Trojan.Generic.D1FBF136
ZoneAlarm	Trojan.Win32.Vebzenpak.dcv
Microsoft	Trojan:Win32/Occamy.C
MAX	malware (ai score=100)
Malwarebytes	Trojan.MalPack.VB
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Injector.EKOR
Tencent	Win32.Trojan.Vebzenpak.Hvaa
Ikarus	Trojan.Win32.Krypt
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/GenKryptik.EELT!tr
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_60% (W)

How to remove Trojan.Win32.Vebzenpak.dcv?

Trojan.Win32.Vebzenpak.dcv removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X